Support » Plugin: User Role Editor » Actions being triggered when they shouldn’t

  • Resolved arunasmazeika

    (@arunasmazeika)


    Hi,

    I’m reaching out to discuss something that I find very odd when editing roles from users when using your plugin.

    AFAIK there are two ways of removing assigned roles with your plugin:

    1. When editing the user
    2. On the plugin’s view (page=users-user-role-editor.php)

    On case #1 wordpress itself fires a set_user_role action and then you fire add_user_role (through ::add_role) to make up for the deleted roles. Example: I have 4 roles on the user, I uncheck one and save, WP says new role is administrator also poviding the list of assigned roles, and then your plugin issues two add_role calls to make up for the deleted roles. So far I agree with the plugin’s approach.

    On case #2, if I click save even without changing anything, I get a number of add_user_role actions fired which is equal to the current number of assigned roles of the user. I strongly disagree on this one. add_user_role must be triggered when explicitly adding a role and if you revoke roles before adding them again, then you must also issue an event for letting others know.

    On includes/clases/editor.php line 665 you are manually resetting the user roles array and then adding all the roles again using ::add_role. While this seems to work as you end up with the user having the assigned roles, this will confuse other plugins listening for roles actions as there’s no indication that the roles were silently “removed” and then re-added using the WP API.

    My suggestion here is to compute what changed and then just remove the roles (using ::remove_role) that need removing. In the same way, if you are just adding some new roles then just add those if they are not already present by calling ::add_role (you’ll need to double check again what changed and act accordingly). Any plugin that works with roles expects proper actions to be fired at the right time and unfortunately this isn’t the case right now.

    I’m happy to work with you on these changes and testing them if needed. Please let me know.

    Thank you.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Vladimir Garagulia

    (@shinephp)

    Hi,

    Thank you. I agree with your suggestion. I will enhance the code in this part for the next update.

    Thread Starter arunasmazeika

    (@arunasmazeika)

    Hi,

    Thanks for taking this into consideration. I can help with testing if you need, just let me know.

    Cheers,

    Arunas

    Plugin Author Vladimir Garagulia

    (@shinephp)

    Hi Arunas,

    I prepared updated version 4.59 to publishing. It includes the related update:

    * Update: Editing roles and capabilities granted to selected user (“Capabilities” link under user row at the “Users” list) executes ‘add_user_role’ or ‘remove_user_role’ actions only in case it really grants or revokes roles and/or capabilities. Previous versions fully revoked and granted again all roles during user permissions update even in case roles list was not changed. It leaded to the false execution of the mentioned add/remove role actions.

    It is available currently as development version from the bottom of Advanced View. It would be good if you test it.

    Thread Starter arunasmazeika

    (@arunasmazeika)

    Hello Vladimir,

    Just downloaded and tested it. It now works as expected. Thank you for taking the time to fix this 🙂

    Cheers,

    Arunas

    Plugin Author Vladimir Garagulia

    (@shinephp)

    Hi Arunas,

    Thanks for your help.

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.